Audit Processes Add Value and Objectivity to Cyber Risk and Security Programming – Part 1

This is Part One of a Two-Part blog series on Cybersecurity’s impact on Audit Management, by guest blogger Simon Goldstein. When risk professionals think about integrating enterprise resources, they often exclude or overlook audit functions, internal and external.  Executive management relies upon Audit for trusted feedback into its enterprise governance efforts. Audit is a great[…]

The Oft Transparent Link in Cyber Security’s Risk Chain — People!

This is Part Five of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Too often cyber security, and related risk management, is viewed as a purely technological matter pertaining only to the processes and practices reliant upon IT assets, systems, partners and services. Reality is quite different.  Cyber Security is[…]

The Seven Performance Steps to Managing Risk, the NIST Way

This is Part Four of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein. Every approach to risk management, cyber-oriented, operational, IT, financial, and so on covers the core basics NIST describes as Identify, Protect, Detect, Respond, and Recover.  And there are also many ways to describe the performance operations needed[…]

What Senior Execs Need to Know about their Cyber Risk Program

This is Part Three of a Six-Part blog series on Cyber Risk Management from guest blogger Simon Goldstein Senior Executives perform an important role in any effective cyber risk and security program. They are the executors of the governance function. They provide direction, resources, and policy leadership. They are neither a rubber stamp, nor simply[…]

How Technology Enables Enterprise Risk Management

This is the final blog of a four-part series on ERM from guest blogger Michael Rasmussen of GRC 20/20 Research.   Risk management fails when information is scattered, redundant, non-reliable, and managed as a system of parts that do not integrate and work as a collective whole. The risk management information architecture supports the process architecture[…]

The Evolution Of GRC As Compliance And Risk Management Become More Complex

The core functionality of GRC has evolved in response to the need for a standardized and centralized data and process management structure supporting compliance and risk management functions in light of increasing complexity in both activities. As GRC further evolves into an enterprise platform, these capabilities cease to be solution differentiators, although they are no[…]